Back to Blogger (for a while!)

Well, it looks like I might be back on Blogger faster than I had thought. Somebody appears to have cracked my website.

I tried accessing my blog today, to see if anyone had commented. Got nothing but an “Internal Server Error”. Tried logging in, and found that my home “user” directory is not there. Nobody has logged in via the SSH route since I last did, this morning just before 11, when my Dad and I left for his parents’ place. But someone could have logged in via FTP, having got my password for that using a “packet sniffer”, because passwords on normal FTP are transmitted using plain text, unencrypted.

I’m currently writing a program, for now called Catkin, to help bloggers manage blogs like mine. My blog runs on “Blosxom”, which uses the computer’s filesystem rather than a database like most blog servers. All I do is write a blog entry in an ordinary text editor and use an FTP program to upload it to a given directory. You call it up in your browser, and that “blog.cgi” bit at the end - that’s Blosxom. It finds the last twenty entries and the format files I’ve supplied (an edited version of a “flavour”, which I think were designed by Rael Dornfest, the author of Blosxom), runs them together to make a whole HTML file, and displays it in your browser.

With my blog manager, you write the entry, click a button that says “Blog this!”, and up it goes. Just like that. But I wrote to various tech bloggers whom I know use Blosxom, and one of them wrote back saying his server doesn’t use FTP, because the password is not encrypted.

The password is also not encrypted when I log into my hosting provider to change things about my account. It’s really bizarre, because SourceForge, the system I use to manage and release Catkin, uses secure transfer for almost everything. And that’s free.

The moral of the story is, if you are looking for a web hosting provider, make sure they use a secure upload system. Especially if you do a blog and expect to publish anything controversial. Because anyone with an axe to grind and a bit of technical knowledge can use what has been called “a trivial packet sniffer”, that is, something which monitors material passing by it on the Internet, find your password, and crack your account - and sabotage it.
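To make the point concrete, here is an added example (not part of the original post) of the check an administrator can run over a capture of their own upload traffic: it flags sessions in which a login credential crossed the wire in the clear, without ever copying the credential into the report. The packet records, hosts and passwords are all constructed for the example.

```python
import re

# Constructed sample records shaped like a text export of a capture taken on
# the administrator's own network: (destination "host:port", payload). The
# hosts are documentation addresses and the credentials are made up.
SAMPLE_PACKETS = [
    ("203.0.113.10:21", "USER blogger\r\n"),
    ("203.0.113.10:21", "PASS s3cret-ftp\r\n"),
    ("203.0.113.10:80", "GET /cgi-bin/blog.cgi HTTP/1.0\r\nAuthorization: Basic Ymxv..."),
    ("203.0.113.10:22", "\x00\x00\x02\x1c\x0a\x14..."),   # SSH: opaque bytes after key exchange
    ("203.0.113.10:110", "PASS mailpass\r\n"),
    ("203.0.113.10:21", "LIST\r\n"),
]

# Each rule: protocol name, the TCP port it normally uses, and a regex for the
# command or header that carries the credential unencrypted.
CLEARTEXT_AUTH_RULES = [
    ("FTP", 21, re.compile(r"^PASS\s+\S", re.M)),
    ("POP3", 110, re.compile(r"^PASS\s+\S", re.M)),
    ("IMAP", 143, re.compile(r"^\S+\s+LOGIN\s+\S+\s+\S", re.M | re.I)),
    ("HTTP", 80, re.compile(r"^Authorization:\s*Basic\s+\S", re.M | re.I)),
]

# What to switch to instead; FTP with AUTH TLS is what "FTPS" means here.
REMEDIATION = {
    "FTP": "upload with SFTP/SCP, or FTP with AUTH TLS (FTPS) if the host offers it",
    "POP3": "use POP3 over TLS (port 995) or STARTTLS",
    "IMAP": "use IMAP over TLS (port 993) or STARTTLS",
    "HTTP": "serve the login over HTTPS; Basic auth is only base64, not encryption",
}

def classify(destination, payload):
    """Return the protocol name if this packet carries a credential in the clear, else None."""
    port = int(destination.rsplit(":", 1)[1])
    for proto, proto_port, pattern in CLEARTEXT_AUTH_RULES:
        if port == proto_port and pattern.search(payload):
            return proto
    return None

def audit(packets):
    """One finding per exposed credential. Only the fact and the location of the
    exposure are reported; the secret itself is never copied out of the capture."""
    findings = []
    for destination, payload in packets:
        proto = classify(destination, payload)
        if proto:
            findings.append({"protocol": proto, "destination": destination,
                             "advice": REMEDIATION[proto]})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_PACKETS):
        print(f"{f['protocol']:5} credential sent in clear to {f['destination']}: {f['advice']}")
```

Running it against the sample shows the FTP, HTTP and POP3 logins as exposed and the SSH session as not, which is exactly the distinction a hosting provider's upload method should be judged on.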
